Remove SSL_state and SSL_set_state

SSL_state has been replaced by SSL_get_state and SSL_set_state is no longer
supported.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

CHANGES

@@ -7,12 +7,14 @@
   *) State machine rewrite. The state machine code has been significantly
      refactored in order to remove much duplication of code and solve issues
      with the old code (see ssl/statem/README for further details). This change
-     does have some associated API changes. Notably SSL_get_state/SSL_state now
+     does have some associated API changes. Notably the SSL_state() function
-     returns an "OSSL_HANDSHAKE_STATE" instead of an int. The previous handshake
+     has been removed and replaced by SSL_get_state which now returns an
-     states defined in ssl.h and ssl3.h have been redefined to be the nearest
+     "OSSL_HANDSHAKE_STATE" instead of an int. SSL_set_state() has been removed
-     equivalent OSS_HANDSHAKE_STATE value. Not all states have an equivalent
+     altogether. The previous handshake states defined in ssl.h and ssl3.h have
-     value, (e.g. SSL_ST_CW_FLUSH). New application code should not use the old
+     been redefined to be the nearest equivalent OSS_HANDSHAKE_STATE value. Not
-     handshake state values, but should instead use OSSL_HANDSHAKE_STATE.
+     all states have an equivalent value, (e.g. SSL_ST_CW_FLUSH). New
+     application code should not use the old handshake state values, but should
+     instead use OSSL_HANDSHAKE_STATE.
      [Matt Caswell]
 
   *) The demo files in crypto/threads were moved to demo/threads.

apps/s_server.c

@@ -2428,7 +2428,7 @@ static int init_ssl_connection(SSL *con)
 #ifdef CERT_CB_TEST_RETRY
     {
         while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
-               && SSL_state(con) == TLS_ST_SR_CLNT_HELLO) {
+               && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) {
             BIO_printf(bio_err,
                        "LOOKUP from certificate callback during accept\n");
             i = SSL_accept(con);

doc/ssl/ssl.pod

@@ -624,7 +624,7 @@ success or 0 on failure.
 
 =item int B<SSL_shutdown>(SSL *ssl);
 
-=item OSSL_HANDSHAKE_STATE B<SSL_state>(const SSL *ssl);
+=item OSSL_HANDSHAKE_STATE B<SSL_get_state>(const SSL *ssl);
 
 Returns the current handshake state.
 

include/openssl/ssl.h

@@ -1006,7 +1006,6 @@ typedef enum {
 # define SSL_CB_HANDSHAKE_DONE           0x20
 
 /* Is the SSL_connection established? */
-# define SSL_get_state(a)                SSL_state(a)
 # define SSL_in_connect_init(a)          (SSL_in_init(a) && !SSL_is_server(a))
 # define SSL_in_accept_init(a)           (SSL_in_init(a) && SSL_is_server(a))
 int SSL_in_init(SSL *s);
@@ -1700,8 +1699,7 @@ void SSL_set_info_callback(SSL *ssl,
                            void (*cb) (const SSL *ssl, int type, int val));
 void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
                                                int val);
-__owur OSSL_HANDSHAKE_STATE SSL_state(const SSL *ssl);
+__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
-void SSL_set_state(SSL *ssl, OSSL_HANDSHAKE_STATE state);
 
 void SSL_set_verify_result(SSL *ssl, long v);
 __owur long SSL_get_verify_result(const SSL *ssl);

ssl/record/rec_layer_d1.c

@@ -283,8 +283,8 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 #ifndef OPENSSL_NO_SCTP
     /* Store bio_dgram_sctp_rcvinfo struct */
     if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-        (SSL_state(s) == TLS_ST_SR_FINISHED
+        (SSL_get_state(s) == TLS_ST_SR_FINISHED
-         || SSL_state(s) == TLS_ST_CR_FINISHED)) {
+         || SSL_get_state(s) == TLS_ST_CR_FINISHED)) {
         BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
                  sizeof(rdata->recordinfo), &rdata->recordinfo);
     }

ssl/ssl_stat.c

@@ -93,7 +93,7 @@ const char *SSL_state_string_long(const SSL *s)
         return "error";
     }
 
-    switch (SSL_state(s)) {
+    switch (SSL_get_state(s)) {
     case TLS_ST_BEFORE:
         str = "before SSL initialization";
         break;
@@ -208,7 +208,7 @@ const char *SSL_state_string(const SSL *s)
         return "SSLERR";
     }
 
-    switch (SSL_state(s)) {
+    switch (SSL_get_state(s)) {
     case TLS_ST_BEFORE:
         str = "PINIT ";
         break;

ssl/statem/statem.c

@@ -110,20 +110,11 @@ static enum SUB_STATE_RETURN read_state_machine(SSL *s);
 static void init_write_state_machine(SSL *s);
 static enum SUB_STATE_RETURN write_state_machine(SSL *s);
 
-OSSL_HANDSHAKE_STATE SSL_state(const SSL *ssl)
+OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
 {
     return ssl->statem.hand_state;
 }
 
-void SSL_set_state(SSL *ssl, OSSL_HANDSHAKE_STATE state)
-{
-    /*
-     * This function seems like a really bad idea. Should we remove it
-     * completely?
-     */
-    ssl->statem.hand_state = state;
-}
-
 int SSL_in_init(SSL *s)
 {
     return s->statem.in_init;